<?php
include ("../main/inc/global.inc.php");

require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
require_once (api_get_path(CONFIGURATION_PATH).'profile.conf.php');

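// Only authenticated users may reach the editor; anonymous visitors are turned away here.
api_block_anonymous_users();

// Top part of the HTML
Display :: display_header('Edit file');

// Connect to sql
// NOTE(review): the database host, account and password are hard-coded, and the
// account is root. Credentials belong in the platform configuration, outside the
// web root, and this page should use an account limited to the tables it touches.
$link = mysql_connect("localhost", "root", "root");
if ($link === FALSE || !mysql_select_db("dokeos_main", $link)) {
	// Stop before any query runs on a missing connection. The driver error is
	// deliberately not echoed, so connection details never reach the browser.
	echo "<p>Unable to connect to the database; please try again</p>";
	Display :: display_footer();
	exit();
}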

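//writes filecontent to file
// Handles a submitted edit: stores the new content in a temp file, records a diff
// against the current file plus a history row, then overwrites the file.
// This handler runs before the access check further down the page, so it performs
// its own authorisation and validates every request field it uses.
// NOTE(review): the form carries no anti-CSRF token, so another site could submit
// this request on behalf of a logged-in user; add and verify a per-session token.
if (isset($_POST['filecontent'])){
	// NOTE(review): the target path is still supplied by the client. Checking access
	// on editfile_fileId does not bind that id to this path, so a user with access to
	// any one file can name a different path. The path should be looked up server-side
	// from the file id; no id-to-path mapping is visible on this page.
	$file = (isset($_POST['editfile_filePath']) && is_string($_POST['editfile_filePath'])) ? $_POST['editfile_filePath'] : '';
	$raw_file_id = (isset($_POST['editfile_fileId']) && is_string($_POST['editfile_fileId'])) ? $_POST['editfile_fileId'] : '';
	$user_id = (int) $_user['user_id'];
	echo "<br>";

	// The file id must be all digits: it ends up in file names, a shell command and SQL.
	$may_write = FALSE;
	if ($file !== '' && is_string($_POST['filecontent']) && ctype_digit($raw_file_id)){
		$file_id = (int) $raw_file_id;
		// Same membership test the page applies before showing the editor.
		// NOTE(review): file_user also has a canEdit column; it presumably should be
		// required for writes - confirm how that column is encoded.
		$access_sql = "SELECT fu.fileid FROM file_user fu WHERE fu.userid = ".$user_id." AND fu.fileid = ".$file_id;
		$access_result = mysql_query($access_sql, $link);
		$may_write = ($access_result !== FALSE && mysql_num_rows($access_result) > 0);
	}

	// "c+" opens without truncating. The previous "w+" emptied the file before the
	// lock was taken, so the diff always ran against an empty file and a failed
	// update destroyed the old content.
	$fp = $may_write ? fopen($file, "c+") : FALSE;

	if (!$may_write){
		echo "<p>You do not have the correct access!</p>";
	} elseif ($fp === FALSE){
		echo "<p> Unable to open file; please try again</p>";
	} elseif (flock($fp, LOCK_EX)){
		$tempfile = 'tempfiles/'.$user_id."_".$file_id;
		// write to temp file
		$write_to_file_result = file_put_contents($tempfile, $_POST['filecontent'], LOCK_EX);
		if($write_to_file_result===FALSE){
			echo "<p> Unable to write to history file; please try again</p>";
		} else {
			// format of the diff: <UserId>_<FileId>_<NowTimestamp>
			$diff_file_path = 'diffs/'.$user_id."_".$file_id."_".time();
			// Every argument is shell-quoted, and "--" stops diff from reading a path
			// that starts with "-" as an option.
			$diff_command = "diff -- ".escapeshellarg($file)." ".escapeshellarg($tempfile)." > ".escapeshellarg($diff_file_path);
			$diff_output = array();
			$diff_status = 2;
			$write_to_diff_file = exec($diff_command, $diff_output, $diff_status);
			// diff exits 0 (identical) or 1 (differences found); anything higher is a failure.
			$diff_ok = ($write_to_diff_file !== FALSE && $diff_status <= 1);

			$add_history_result = FALSE;
			if ($diff_ok){
				// All three values are server-built (integers and a generated path);
				// the path is escaped as well so the statement stays safe if its format changes.
				$add_history_sql="INSERT INTO file_revision_history (fileid, userid, diffpath) VALUES ('".$file_id."', '".$user_id."', '".mysql_real_escape_string($diff_file_path, $link)."')";
				$add_history_result = mysql_query($add_history_sql, $link);
			}
			echo "<br>";
			if(!$diff_ok || $add_history_result===FALSE){
				echo "<p>Error when creating history; please try again</p>";
			} else {
				$write_to_file_result = file_put_contents($file, $_POST['filecontent']);
				if ($write_to_file_result===FALSE){
					echo "<p> Unable to write to change file; please try again</p>";
				} else {
					echo "<p> Successfully updated file!</p>";
				}
			}
		}
		flock($fp, LOCK_UN);
		fclose($fp);
	} else {
		// flock() without LOCK_NB waits for the lock, so this branch reports a locking error.
		echo "<p> Someone else is updating the file; please try again</p>";
		fclose($fp);
	}
}	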
?>

<?php

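// configuration
$url = 'http://domain.com/backend/editor.php';
// Request fields may be missing (first page load) or not plain strings.
$file = (isset($_POST['editfile_filePath']) && is_string($_POST['editfile_filePath'])) ? $_POST['editfile_filePath'] : '';
// The file id goes into SQL below, so only an all-digit value is accepted.
$fileId = (isset($_POST['editfile_fileId']) && is_string($_POST['editfile_fileId']) && ctype_digit($_POST['editfile_fileId']))
	? (int) $_POST['editfile_fileId']
	: null;

// check user access
// Both ids are integers by the time they reach the query text, which closes the
// injection path the concatenated request value used to open.
$has_access = FALSE;
if ($fileId !== null){
	$sql_query_access = "SELECT fu.fileid, fu.isOwner, fu.canRead, fu.canEdit
from file_user fu
where fu.userid = " . (int) $_SESSION['_user']['user_id'] . "
and fu.fileid = " . $fileId;
	$result = mysql_query($sql_query_access, $link);
	// A failed query counts as "no access", not as an error to ignore.
	$has_access = ($result !== FALSE && mysql_num_rows($result) > 0);
}

if (!$has_access){
	echo "You do not have the correct access!<br/>";
	echo "<img src='im_watching_you.png' width='500' height='400'> ";
	exit();
}

// read the textfile
// NOTE(review): the path is supplied by the client and is not tied to the file id
// that was just authorised, so any file the web server can read may be disclosed.
// Resolve the path server-side from $fileId; no id-to-path mapping is visible here.
// NOTE(review): only the existence of a file_user row is tested; canRead is selected
// but never examined - confirm its encoding and enforce it.
$text = ($file !== '' && is_file($file)) ? file_get_contents($file) : FALSE;
if ($text === FALSE){
	echo "<p> Unable to read file; please try again</p>";
	$text = '';
}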

?>
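<?php
// Editor form and revision-history form. Both send the file path and id back as
// hidden fields. Every value is escaped for an HTML attribute, because the path and
// id originate from the request and would otherwise allow markup injection.
// NOTE(review): hidden fields are client-controlled on submit; the receiving pages
// must re-validate them. Neither form carries an anti-CSRF token.
?>
<!-- HTML form -->
<form name="updatefileform" action="editor.php" method="post">
<p><textarea name="filecontent" rows="45" cols="100"><?php echo htmlspecialchars($text) ?></textarea></p>
	<input name="editfile_filePath" type="hidden" value="<?php echo htmlspecialchars($file, ENT_QUOTES) ?>"/>
	<input name="editfile_fileId" type="hidden" value="<?php echo htmlspecialchars($fileId, ENT_QUOTES) ?>"/>
	<input type="submit" value="submit"/>
</form>
<form name="revisionHistory" action="history.php" method="post">
	<input name="editfile_filePath" type="hidden" value="<?php echo htmlspecialchars($file, ENT_QUOTES) ?>"/>
	<input name="editfile_fileId" type="hidden" value="<?php echo htmlspecialchars($fileId, ENT_QUOTES) ?>"/>
	<input type="submit" value="view revision history"/>
</form>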
<?php
// Close the page by emitting the footer through the Display class.
Display::display_footer();
?>
